|
Bugtraq
mailing list archives
Re: Overflow in xlock
From: troy () AUSTIN IBM COM (Bollinger)
Date: Sun, 27 Apr 1997 09:30:53 -0500
-----BEGIN PGP SIGNED MESSAGE-----
George Staikos wrote:
There appears to be an exploitable buffer overflow in xlock, the X based
screensaver/locker. Xlock is installed suid root on machines with
shadowed passwords. I have verified this on xlock versions on AIX 4.x
There's a temporary fix for the AIX v4 xlock available for anonymous ftp
from testcase.software.ibm.com:/aix/fromibm/xlock.overflow_fix.aix4.Z.
Checksums:
sum 01445 73 xlock.overflow_fix.aix4
sum -i 41749 73 xlock.overflow_fix.aix4
sum -o 14725 73 xlock.overflow_fix.aix4
MD5 (xlock.overflow_fix.aix4) = e5e679a73b5a28ef471751bfee67d00c
Official APARs are in progress and will be available shortly.
If there are any questions regarding this fix or any other AIX security
bug, please contact security-alert () austin ibm com Sensitive
information can be encrypted using the AIX Security PGP key. To
retrieve this key send email with a subject of "get key" to
security-alert () austin ibm com
- --
+---------------- I do not speak for IBM! ------------------+
|Troy Bollinger | email: troy () austin ibm com|
|AIX Security Development | Sometimes the old ways are best.|
+-------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
iQCVAwUBM2NjHQsPbaL1YgqvAQGnIwP9Ep9XFmNKDMgUkzJyK8c9kHKM4J76SQkU
OPE8VvWKBGu9BezomMDd/RLf9b1lxA+lW0+vQvp+cEq8DRbGnI9V2pHiZBi6ESRG
9fwkFa07Uy5+6lDsO1HXYLwpLa8JBxqgH8wonUVFABrLBdaHXs3pxwdmHD1npBKA
P4o7hGikIzk=
=0kSc
-----END PGP SIGNATURE-----
 By Date 
By Thread
Current thread:
- Re: CPSN 4-970424: Possible buffer overflow in pop3d, (continued)
| 
Intro
